Friends keep coming up to me and complaining that they had to wipe all their phone because of some attempt to do something.
However, if you give me a brand-new phone and throw mine out of a high-building window, I won’t stop you, because I have a copy of my phone at home, from that same morning, and I don’t even have to think about it.

Want to feel free again? Not scared that this small thing you carry in your pocket with all your life gets ruined? Well, here is how you do it:

Things you will need

Your device needs to be rooted – I am afraid thats a requirement for Titanium backup and all programs that back up app data

Titanium backup – You can use the free version for backing up, but for a single-click restore you will need to pay (I bought it and recommended you do even if its the only thing you ever buy on the play store)

rsync backup for Android – This will back up all your photos and data that isn’t part of your apps, if you don’t root but this is all you want to back up, this post might help you too!

What to do

On titanium backup, open the “schedules” tab and set up a “Backup all user apps + system data” schedule and tick all the days you want your apps to backup on. Pick a time when you are likely be asleep and not using the phone, for this post lets assume its 6am.

Titanium Backup, create the backup all apps and data schedule

Titanium Backup, Set the schedule

On rsync backup for android,

Tap the meny key and select “get binaries“

Tap the menu key and select “Generate keys“, this will create for you two files, one in /sdcard/dss_key and another in /sdcard/dss_key.pub (don’t hand your friends the dss_key, its a private key).

Rsync for android’s menu

Tap the menu key and select “Add Profile” and call it “Backup All”, local file or directory should point to /sdcard (or you top-level of all your memory cards).

Set usename to the username on the computer you are doing the ssh to.

Server (IP or hostname) should point to the IP of your PC.

Dropbear SSH private key should point to /sdcard/dss_key

Remote file or directory should point to a folder on your PC (make sure you mkdir -p its path, and that you have writing permissions!).

You can check “Close log window after job if done” so you know in the morning it ran, check “delete remote files that are no longer in source directory. Leave “rsync in reverse” and “send notification using remove notifier” unchekced. Save the new profile.

Rsync 4 android profile page 1

Rsync 4 android profile page 2

On your computer,

You should have ssh and rsync installed, on ubuntu/debian do apt-get install apt-get install rsync openssh-server

Paste the line from the file /sdcard/dss_key.pub on your phone to ~/.ssh/authorized_keys file on your PC ( Note: it begins with “ssh-dss” and ends with “android@bender”, this is a single line).

At this point I suggest you go to rsync 4 android and tap on the “Backup all” profile you made, make sure that indeed files are getting backed up to your folder, as seen in the picture below. The first sync takes a while, afterwards only changes would be synced. If it does not work, go over the steps above, or comment here and we can try and troubleshoot.

Rsync for android running

On Llama, (on first use accept the boring stuff) in the “Events” tab delete all the profiles, you don’t need them (if you do want to use Llama for other things feel free to keep them).

Add. New event, name it ‘backup my phone” or something like that.

Add in your new event a condition between 7:00 – 7:30 (or an hour later from when you set titanium to back up)

Add a condition “WiFi Network Connected” and point it to your home wifi, that way it would only work if you are at home, if you have a problem with this condition you can try and set your own way of detecting you are at home

Add a condition Battery Level and set it to “Battery raises above…” and 20%, this makes sure your phone won’t run out of battery at night if unplugged.

Rate this:

Share this:

Like this:

Related

Works great, thanks. Is it possible to backup to an already-running (remote) rsync daemon (NICE’d accordingly etc.) via SSH rather than opening a new rsync process on the remote host (which seems to be how this method works)?

I cut/pasted dss_key.pub onto the target server ~/.ssh/authorized_keys, but all I get is
Host ‘hostname key accepted unconditionally’
(fingerprint …)
Connection error!

I tried it both letting rsync send the dss_key in an email, and cut/past the content of dss_key.pub.
The strange thing is that the two keys are different. When sending it in email, the key contains ‘rsync@android’ at the end of line, wherelse the dss_key.pub on the android device contains ‘app_140@localhost’.

But alas, whichever I cut/past into the target host authorized_keys, it does not work.

I use the domain name of the target, because I need to use it from outside my home network, but the port 22 works well, I tested it with connectbot ssh client.

Hey Istvan,
First, know the difference between a public key and a private key. You need the public key on your server, and the private key set on your phone.
When you cut and paste, make sure you do not introduce any characters (like line endings or spaces).
Also, BEFORE you try things as your domain name on the network, try and set this all locally, you are introducing places where things can go wrong. After you set it up locally, you can clone the solution to your server. Does the setting work locally for you?

Thanks, GuySoft,
I double checked the keys and found I used the public and private keys the right way. But after your post, I tried it within my lan, only to find that it works like charm. Apparently, I had something wrong with the profile that I created for the wan acess.
So I deleted my old wan profile, duplicated the profile that works with lan, and changed the local host name to whatever.dyndns.org.
It works just the way it is meant to work now.
Very exciting. Now I have a perfect, predictable tool to get rid of the half-a-dozen vague, cloud based sync.
Very good work, thanks again.
Istvan

Hi there!
I am using “ap-hotspot” package to create hotspot from my Ubuntu 12.04, where on eth0, my computer have IP of 9.x.x.x series and on wlan0 my computer has IP 192.168.150.1 . My phone which is connected to the hotspot has IP 192.168.150.9. I am able to SSH to both the IPs from my phone by user “pawan”.
After generating keys, dss_key.pub on phone ends with “u0_a257@localhost” and the one which the app asks to share ends with “rsync@android”. I added the public key ending with “rsync@android” to ~/.ssh/authorized_keys. I have created the profile as below:

Kind of stupid question: how do I delete or edit an already existing profile in rsync for Android app, I did it wrong first time, works great second time but now I have two profiles and I want to get rid of one of them and also to exit the profile if something changes, please help.

What a great howto with detailed instructions! Many thanks for the author!

However, I was wondering if the Titanium backup should really do new backups every night as there is option to do “Backup new user+system apps & newer versions” ? Also I would like to inquire what value the author has in Titanium backup preference “Max backup history” ?

Thanks once more for this amazing howto which adds up great pieces of software and moulds them to one great backup process!

It seems that Titanium Backup 6.1.5.2 kills Llama while backupping. Filtering of Llama was no success. So unfortunately after backup, Llama 1.2013.08.29.2128 is not up after backup to start rsync… all on Android 4.4

When you say “filtering off” you mean excluding Llama from the backup, correct?
Because that’s the only thing I can think of off the top of my head.
It seems like the reason titanum back is killing Llama is because its trying to back it up.

As Guysoft said: you have to check the “chmod 700″ for .ssh and “chmod 600″ for authorized_keys AND
check the directory/file rights for the user AND the path of the .ssh had to be in the home directory of the user (check the /etc/ssh/sshd.config for that too)!

Oh well, this is embarrassing. There was no authorized_keys in the .ssh directory, so I made a directory named authorized_keys and put the dss_key.pub file there. When I tried using rsync on another server, I realized that authorized_keys is a file, not a directory and that I had not read the guide properly. I got it working now. Thank you both for helping.

Hi,
1st: what if I need two phones to make backup with the same PC. How it would look like in authorized_keys file. Or what to do on the 2nd phone?
2nd question: What is the option if I just need to move the photos from DCIM to move to PC. (in that case I need not just copy, but really delete the source after copy)

Unfortunately this is not working anymore, at least in Debian unstable with latest openssh-server update. Some ‘unsafe algorithms’ were removed in latest openssh release.http://www.openssh.com/txt/release-6.7

Hey grepero,
Can you elaborate? Because I don’t understand how “CBC ciphers and arcfour” which are the algorithms they mention there are related to the ones used here. I have a machine running Debian unstable, and it seems to be ok.

The error message I was getting was something along the lines of ‘no matching algo kex …’ or somesuch, sorry I’ve since downgraded openssh and its working again so I don’t want to upgrade it again and break it just to see the exact error.

If you get kex algo exchange error, you can add diffie-hellman-group1-sha1 into KexAlgorithms section in sshd.conf of the Debian box you are connecting to. As grepero said, some of the algorithms were removed from sshd. However, do your own homework on rate of security/insecurity you are punching into sshd.

Same kex error here with Archlinux@Raspberry on the remote end. Rsync broke after receiving the update openssh-6.7p1-1-armv6h. Has anyone managed to find updated rsync/ssh binaries for Android in order to avoid re-enabling unsafe algorithms?

Beware, we are talking about ssh _server_ configuration. I presume it should be sshd_config, not ssh_config, if cygwin mirrors unix layout.
If you have put it into sshd_config (and ssh_config was only typo here), you may attempt more tedious way of finding right cipher/mac/key exchange: look into sshd config documentation (man page), copy/paste the default list into configuration file under right directive (KexAlgorighms, Ciphers, MACs) and then selectively add the rest from supported ones until you find combination which works for you. Or the other way around, add all and selectively remove while it still works. It’s bit tedious, but halving interval algorithm may help :). Unfortunatelly, sshd log isnt much helpful even if debug enabled. Good luck.

That’s very possible – default distribution sshd_config (or most of unix style configuration files, for that matter) does NOT contain all the possible konfigurable knobs. Only the most used/useful ones (based on authors and/or package creator opinions) do. You will have to add seldom used configuration options yourself (which KexAlgorithms, Ciphers and MACs definitely are). Look into sshd_config documentation. As I don’t use cygwin, but real unix, I can’t help you with that – but possibly even cygwin has something like manpages or info. Also usually you can find even some versions of manual online, for example here: http://cdn.i0.cz/public-data/f6/84/c1a0728c39c28b5bd2163283152f_w720_h458_g908d98c6636611e4aff10025900fea04.jpg?hash=c98c26ecea64b2bdf5435b5d
00d79ba8

I’m thinking this isn’t worth the effort for me anyway. I like having this set up as a set-it and-forget-it solution. I don’t want to reconfigure cygwin and make it less secure.

Much better, I think, to find a way to fix rsync4android or find something to take its place. Not sure if a config file needs to be edited, or if it just needs an updated rsync binary, or if something in the apk needs to be changed. Dev does not respond to emails. 😦

Sure, that’s wise attitude. Note though that security is multilayered issue, so in common case, when regular user account is used on the server for accessing from rsync2 with private key without passphrase on the phone, where server has been already made as secure as accessing the phone, adding diffie-hellman-group1-sha1, considered nowadays breakable in hundreds of years is least of worries. 🙂 If you’ll be able to solve problem on rsync4android, I’d like to hear (as I’ve already tried). I’m afraid problem might lay in ssh client library, used by rsync4backup (dropbear I think), and the fact that last version is from 2011.

I ended up installing a ssh server for rooted devices: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon&hl=en and symlinking rsync from /data/data/eu.kowalczuk.rsync4android/files/rsync to /system/bin. Now I can rsync in both directions using the command line (On the debian sid box using the latest ssh server ( openssh-server 1:6.7p1-3). Easy enough to do if you have a rooted android device.

Actually the symlink was in /system/xbin/ fwiw. I left out an important part for the android side which was also symlinking the ssh client from vx connectbot there as well. The debian box doesn’t complain about algo kex mismatch.

I’ve just exchanged rsync for Androids own ssh in /data/data/eu.kowalczuk.rsync4android/files/ with that from SSHDroid in /data/data/berserker.android.apps.sshdroid/dropbear/, works fine, too. In the end it looks like rsync for Androids own ssh is just a bit… incomplete, encryption-wise.

I had problems with my non-rooted device only copying a single symbolic link, so I created two jobs, one for /sdcard/Android and the other for /sdcard/DCIM — these included everything I wanted and I use the following rsync_options:

i get the “/data/data/eu.kowalczuk.rsync4android/files/ssh: Warning failed creating /data/.ssh: Permission denied” message, this is just a warning as stared and i suspect it is because later versions of android wont let some apps write to the root?? regardless this isnt a problem as mine words fine with this error.

That works fine so far. But I found two improvements. The backup files of TTB are compressed by default. So small changes in the backup source results in big changes in the compressed file. The better way is to set compression off. So small changes of the source files will end in small changes in the backup file (tar) which makes the rsync delta encoding VERY efficient. To increase sync speed activate -zz compression in rsync. Additionally TTB appends date and time stamps to the filesnames. So rsync will exchange all files every time. I wrote a small script which removes the variable part of the filenames, so a real sync of the files becomes possible. This things speed up the syncronizaton tremendously.

I was trying to sync to a borrowed macbook pro. I copied the dss_key.pub into ~/.ssh/authorized_keys on the laptop, as per the advice above, and chmod 600 this file, but it still didn’t login successfully. Then i remembered this from another time on another machine. Make sure you also make the home directory not group writable. yes that’s right.. Not obvious. eg:

Open a new Terminal on OSX macbook pro and run this:

chmod g-w ~

and make sure you have that “~” at the end, with a space in front.
It means remove write permission for “group” on “~” which is the homedir. yay unix FTW!